CERT's 'favoritism' draws fire

A group widely used by security companies as a clearinghouse for newly discovered software vulnerabilities has raised the ire of a well-known researcher, who criticized its policy of disclosing information early to preferred members. In an e-mail released to a public security mailing list this week, a vulnerability research company took to task the nonprofit Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University. In the e-mail, noted security researcher Mark Litchfield wrote that his company would no longer submit information on security flaws to the CERT center. Such a submission, he wrote, is “an act of good faith” intended to give information technology administrators the information they need to patch their systems. But Litchfield said he felt “a betrayal of trust” because CERT had “leaked (the information) to certain organizations and government departments” before passing it on to IT workers. Full Story

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.